Valid Accounts

Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1 contain a hardcoded credential vulnerability (CWE-798) allowing unauthenticated remote atta…

CVE-2026-20182 is a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager, allowing unauthenticated remote attackers to o…

CVE-2026-20127 is a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager that allows unauthenticated remote attackers to…

CVE-2026-45321 is a critical supply-chain vulnerability affecting 42 TanStack packages, including TanStack/router, where 84 malicious versions were published to…

CVE-2026-34197 is a high-severity code injection vulnerability in Apache ActiveMQ (versions before 5.19.4 and 6.0.0-6.2.3) caused by improper input validation i…

CVE-2026-20128 is a high-severity vulnerability in Cisco Catalyst SD-WAN Manager affecting versions prior to 20.18, allowing unauthenticated remote attackers to…

CVE-2026-6973 is a high-severity (CVSS 7.2) remote code execution vulnerability in Ivanti EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1, caused by imp…

CVE-2026-20133 is a medium severity (CVSS 6.5) information disclosure vulnerability in Cisco Catalyst SD-WAN Software caused by insufficient file system restric…

CVE-2026-20122 is a medium severity vulnerability (CVSS 5.4) in Cisco Catalyst SD-WAN Manager affecting the API interface. It allows authenticated remote attack…

CVE-2025-32975 is a critical authentication bypass vulnerability (CVSS 10.0) in Quest KACE Systems Management Appliance versions 13.0.x through 14.1.x, allowing…

CVE-2026-33634 involves a supply chain attack against Aquasecurity's Trivy ecosystem, where compromised credentials were used to publish malicious versions of t…

CVE-2017-7921 is a critical improper authentication vulnerability (CWE-287) affecting multiple Hikvision DS-2CD and DS-2DF series devices running firmware versi…

Sangoma FreePBX Endpoint Manager versions 17.0.2.36 through 17.0.3 contain a post-authentication command injection vulnerability in the filestore module's testc…

CVE-2026-23760 is a critical authentication bypass vulnerability in SmarterTools SmarterMail versions prior to build 9511, allowing unauthenticated attackers to…

CVE-2024-8069 is a high-severity vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService acc…

SysAid On-Prem versions 23.3.40 and earlier are vulnerable to an unauthenticated XML External Entity (XXE) flaw in the Checkin processing functionality, enablin…

SysAid On-Prem versions up to 23.3.40 contain a critical unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, rat…

CVE-2025-20352 is a stack overflow vulnerability in the SNMP subsystem of Cisco IOS and IOS XE Software, classified under CWE-121. It carries a CVSS v3.1 score …

CVE-2025-4428 is a high-severity remote code execution vulnerability in the API component of Ivanti Endpoint Manager Mobile versions 12.5.0.0 and prior. It is c…

CVE-2025-31161 is a critical authentication bypass vulnerability in CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1, allowing attackers to take over the…

CVE-2024-20439 is a critical authentication bypass vulnerability in Cisco Smart Licensing Utility (CSLU) caused by an undocumented static administrative credent…

CVE-2025-24472 is a HIGH severity (CVSS 8.1) Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS versions 7.0.0 through 7.0…

CVE-2023-20118 is a command injection vulnerability in the web-based management interface of Cisco Small Business RV Series Routers (RV016, RV042, RV042G, RV082…

CVE-2025-24989 is a high-severity improper access control vulnerability in Microsoft Power Pages that allows unauthorized attackers to elevate privileges and by…

CVE-2025-0111 is a medium severity (CVSS 6.5) authenticated file read vulnerability in Palo Alto Networks PAN-OS affecting the management web interface. It allo…

CVE-2018-19410 is a critical vulnerability in Paessler PRTG Network Monitor versions prior to 18.2.40.1683 that allows remote unauthenticated attackers to creat…

CVE-2024-55591 is a critical authentication bypass vulnerability affecting FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 an…

CVE-2021-44207 affects Acclaim USAHERDS versions through 7.4.0.1 due to the use of hard-coded credentials, classified under CWE-798. The vulnerability carries a…

CVE-2019-11001 is a command injection vulnerability affecting Reolink IP cameras including the RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices running …

CVE-2024-11680 is a critical improper authentication vulnerability (CWE-306) affecting ProjectSend versions prior to r1720, allowing remote unauthenticated atta…

CVE-2024-9474 is a HIGH severity privilege escalation vulnerability (CWE-78) in Palo Alto Networks PAN-OS software, allowing authenticated administrators with m…

CVE-2024-0012 is a critical authentication bypass vulnerability in Palo Alto Networks PAN-OS versions 10.2, 11.0, 11.1, and 11.2, allowing unauthenticated attac…

VMware ESXi contains an authentication bypass vulnerability (CVE-2024-37085) classified under CWE-287 and CWE-305, allowing malicious actors with sufficient Act…

CVE-2023-45249 is a critical remote code execution vulnerability in Acronis Cyber Infrastructure (ACI) caused by the use of default passwords, affecting builds …

CVE-2024-4040 is a critical server-side template injection vulnerability in CrushFTP versions prior to 10.7.1 and 11.1.0 across all platforms. It allows unauthe…

CVE-2023-6448 is a critical vulnerability in Unitronics VisiLogic versions prior to 9.9.00, affecting Vision and Samba PLCs and HMIs, caused by the use of a def…

CVE-2023-22518 is a critical Improper Authorization vulnerability (CWE-863) affecting all versions of Atlassian Confluence Data Center and Server, allowing unau…

CVE-2023-20198 is a critical vulnerability in Cisco IOS XE Software Web UI with a CVSS score of 10.0, allowing attackers to gain initial access and create local…

CVE-2023-22515 is a critical authentication bypass vulnerability in Atlassian Confluence Data Center and Server that allows external attackers to create unautho…

CVE-2023-42793 is a critical authentication bypass vulnerability in JetBrains TeamCity versions prior to 2023.05.4 that allows attackers to achieve remote code …

CVE-2023-28434 is a HIGH severity vulnerability (CVSS 8.8) in MinIO versions prior to RELEASE.2023-03-20T20-16-18Z that allows authenticated attackers to bypass…

CVE-2023-20269 is a medium severity vulnerability (CVSS 5.0) in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software affecting re…

CVE-2023-27532 is a high-severity information disclosure vulnerability in Veeam Backup & Replication that allows attackers to obtain encrypted credentials from …

CVE-2024-57726 is a critical vulnerability in SimpleHelp remote support software versions 5.5.7 and earlier, allowing low-privilege technicians to create API ke…

CVE-2023-35081 is a path traversal vulnerability (CWE-22) in Ivanti Endpoint Manager Mobile (EPMM) versions 11.10.x prior to 11.10.0.3, 11.9.x prior to 11.9.1.2…

CVE-2022-28810 is a critical remote code execution vulnerability in Zoho ManageEngine ADSelfService Plus versions prior to build 6122, allowing authenticated ad…

CVE-2018-5430 is a path traversal and information disclosure vulnerability in TIBCO JasperReports Server versions up to 6.4.2, allowing authenticated users to r…

CVE-2020-3433 is a high-severity vulnerability in Cisco AnyConnect Secure Mobility Client for Windows that allows authenticated local attackers to perform DLL h…

CVE-2022-24706 is a critical vulnerability in Apache CouchDB versions prior to 3.2.2 that allows unauthenticated attackers to access improperly secured default …

CVE-2022-27925 affects Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, involving a directory traversal vulnerability in the mboximport functionality t…